1. Field of the Invention
This invention pertains in general to computer security and in particular to preventing malicious and/or unauthorized code from executing on a computer system.
2. Background Art
A parasitic computer virus typically infects a computer system by inserting viral code into other executable programs stored on the computer system. This code can infect other files and/or computer systems, destroy data on the computer system, or perform other malicious actions. Other types of malicious code, including Trojan horses, worms, keystroke grabbers, etc. can also damage computer systems. Thus, there is a strong desire to prevent viruses and other malicious code from infecting and/or executing on a computer system.
One technique for preventing virus infections and other attacks is to install anti-virus software on the computer system in order to detect the presence of viruses and other malicious code. Anti-virus software utilizes various tools, such as string scanning and emulation, to detect malicious code and prevent it from damaging the computer system. However, certain types of malicious code, such as polymorphic, metamorphic, and obfuscated entry point threats, are difficult for anti-virus software to detect.
Another technique for preventing attacks is to establish mechanisms for detecting whether software has been altered by a virus or other malicious code. Code signing is one technique for detecting alterations. Digitally signed code includes values in computer programs that the computer system can use to detect whether the code has been altered. Code signing thus prevents tampering with executable content.
However, existing digital signing schemes are cumbersome. A software developer must obtain a digital certificate from a certificate authority (CA) in order to sign code and this is often a costly and tedious process. Moreover, the developer must securely manage the digital certificate to keep it from being compromised. Since most software developers will not go to the trouble of obtaining such a certificate, most software is not signed. Therefore, most computer systems are configured to execute both signed and unsigned code, meaning that the systems are susceptible to parasitic viruses.
Accordingly, there is a need in the art for a mechanism that allows software developers to easily obtain certificates and digitally sign computer programs. Such a mechanism will significantly reduce the threat of parasitic virus infection and other attacks by making it easier for end-users to detect malicious code.